ID CVE-2015-2473
Summary Untrusted search path vulnerability in the client in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x64
    cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x64
  • cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x86
    cpe:2.3:o:microsoft:windows_7:-:sp1:-:-:-:-:x86
  • Microsoft Windows Server 2008 R2 Service Pack 1
    cpe:2.3:o:microsoft:windows_server_2008:r2:sp1
CVSS
Base: 9.3 (as of 17-08-2015 - 14:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
msbulletin via4
bulletin_id MS15-082
bulletin_url
date 2015-08-11T00:00:00
impact Remote Code Execution
knowledgebase_id 3080348
knowledgebase_url
severity Important
title Vulnerabilities in RDP Could Allow Remote Code Execution
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS15-082.NASL
description The remote Windows host is missing a security update. It is, therefore affected by the following vulnerabilities : - A spoofing vulnerability exists due to the Remote Desktop Session Host (RDSH) not properly validating certificates during authentication. An man-in-the-middle attacker can exploit this to impersonate a client session by spoofing a TLS/SSL server via a certificate that appears valid. (CVE-2015-2472) - A code execution vulnerability exists due to the Remote Desktop Protocol client not properly handling the loading of certain specially crafted DLL files. An attacker, by placing a malicious DLL in the user's current working directory and convincing the user to open a crafted RDP file, can exploit this issue to execute arbitrary code in the context of the user. (CVE-2015-2473)
last seen 2019-02-21
modified 2018-11-15
plugin id 85332
published 2015-08-11
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=85332
title MS15-082: Vulnerability in RDP Could Allow Remote Code Execution (3080348)
refmap via4
ms MS15-082
sectrack 1033242
Last major update 17-08-2015 - 14:44
Published 14-08-2015 - 20:59
Last modified 12-10-2018 - 18:09
Back to Top